Form Inventory report

This report provides an inventory of the pages that contain forms and the type of submission method the form uses.

Why it matters

Use this report to analyze data collection practices and identify forms that might potentially be inconsistent with privacy policies or lead to information leaks, and is critical to understanding the type of notice given to users when they provide information about themselves.

Remediation and best practices for using forms

  • Do not collect more information than is needed for the business purpose.
  • Make it clear what information is optional.
  • Ensure measures are in place to secure visitor information.
  • Wherever possible, use the POST method of form submission.
  • If you must use the GET method, make sure that the URLs of web pages that contain data entry forms pages are not capturing personal information submitted by the user.
  • Provide a link to the privacy statement on every web page.
  • Make sure the privacy statement clearly explains how the collected information will be used.
  • Ensure that forms collecting PII, such as credit card information, use an encryption key length of 128 bits.
  • Ensure forms have unique names; this makes it easier to exclude irrelevant forms from appearing in reports.